Surgical robots -- smart but insecure

Taylor Armerding | June 3, 2015

Remote surgical robotics offers the promise of bringing the best medical expertise anywhere in the world. But, so far, it can also be risky business, as a team of researchers demonstrated in a series of hacks.

Replacing a hacked credit card is an annoyance. Rebuilding a hacked identity can be a time-consuming and expensive headache.

But the potential damage from a hacked surgical robot makes those and just about every other threat trivial by comparison: It could threaten your life.

And that made a recent set of hacking demonstrations by a team of researchers from the University of Washington (UW) more than a bit unsettling, undermining some of the promise that remotely controlled surgical robots can bring to medical care -- delivering top-tier surgical expertise anywhere in the world.

The team reported in a recent paper that it was able to hack into the control system of the Raven II surgical robot, developed by UW and the University of Santa Cruz, and disrupt the directions from the surgeon.

Through vulnerabilities in the communications technology involved in telesurgery, they were able to launch several types of attacks and cause problems ranging from "jerky motion of robot's arms" and modification of the surgeon's instructions to a complete takeover of the robot.

The Raven II, designed to reduce the size of such robots while improving their durability so they can be used in extreme environments such as battlefields, has two arms that a surgeon controls from a console that includes video and haptic (tactile) feedback.

But, as the researchers noted, the robot software is based on open-source standards, such as Linux and the Robot Operating System, and communicates with the console over public, and in some cases wireless, networks, which are notoriously insecure.

"Due to the open and uncontrollable nature of communication networks, it becomes easy for malicious entities to jam, disrupt, or take over the communication between a robot and a surgeon," wrote lead author Tamara Bonaci and her five colleagues.

"We are able to easily stop the robot from ever being properly reset, thus effectively making a surgical procedure impossible," they wrote, also noting that the video connection was publicly available, allowing almost anybody to watch the operation in real time.

The paper prompted a flurry of stories in the trade press. But some experts, while acknowledging the vulnerabilities and the credibility of the demonstration attacks, say the paper should not cause panic -- they don't think this means every remote, robotic procedure is a catastrophe waiting to happen.

"Hacking anything is possible," said Lance Spitzner, research and community director for SANS Securing The Human. "But healthcare has a lot of bigger security issues than this."